Veriato Insider Threat Detection Solution

Insider threat ranks as the #1 fastest
growing cybersecurity concern according
to a recent survey of 4,500 CIOs and
technology leaders across the world

In 2017, 60% of security breaches involved internal actors

The median days to resolution of an
Insider Breach is 50 days, second only to
Malicious Code at 55 days, but more than
double Ransomware (22), Web Attacks (21),
Phishing (20), Denial of Service (18), Stolen
Services (14), Malware (6) and Botnets (2)

Sources of Insider Threat:

Entitled Eddie

This insider believes he has an unquestionable right to his work
product, even when he intends to take it with him and use it to
compete with his current employer. He exploits his access to the
work product and his knowledge of valuable information for
personal gain. He typically acts alone.

Disgruntled Debbie

Unlike some insiders, Disgruntled Debbie is not motivated by
financial gain. Instead, she feels justified in exacting revenge on the
organization for real or perceived slights. There are many well-known
causes of employee disgruntlement. Luckily, she is more predictable
and easier to detect than other malicious insiders.

The Ringleader

This insider does not work alone. She wants more than what she
helped create. She wants information she doesn’t have access to
because it falls outside of the scope of her responsibilities. Often,
Ringleaders want to go into business for themselves or work for the
competitor. They are typically motivated by financial gain.

The Imposter

An external actor who has gained access to insider credentials or a
former insider who has retained access logins. Imposters typically
target individual, service, or shared accounts as well as other
privileged credentials.

The Mole

The Mole is the quintessential double agent: someone who works inside a
company, but for the benefit of an outside entity. The Mole
typically possesses specialized skills (often in science or engineering)
involved in creating IP and has access to the organization’s most
critical data.

of employees who leave an
organization say they take
sensitive data with them.

of data security breaches are
from internal sources.

Types of Insider Threats

Data Leak

Traditional preventative security measures
need to be augmented with tools built to
capture, analyze and, when needed, alert
on insider activity and behavior. DLP
solutions are not built to deal with the
intentional, malicious insider. The list of
widely publicized leaks and breaches
stemming from inappropriate access to
corporate data is long and growing
steadily.

Intellectual Property Theft

Experts consistently maintain that
upwards of 70% of a corporation's
value is found in Intellectual Property
("IP"). While IP theft represents a small
percentage of the number of insider
attacks, as much as 50% of the
economic damage stemming from
insider threats is a result of the theft of
intellectual property. Securing critical
information like trade secrets has
never been more critical.

Privilege Abuse

All employees have some level of access to
corporate data and systems. Some, by the
nature of their positions, have elevated
privileges. Frequently these are employees
involved in the creation of the products
and services that make up the
organization’s value proposition, or who have
access to sensitive data types like customer
records, financial information, and
employee PII, and sensitive systems that, if
subject to sabotage, can bring an
organization to a halt.

In all Insider Threat cases, having a solution in place that focuses on the activities and
behaviors of the people interacting with corporate resources fills a critical blind spot, and
gives the organization the visibility it needs to detect risk, and prevent attack.

Because the insider already has internal access, accounts
and corporate assets, the primary focus for effectively
dealing with insider threats is detection.

Dr. Eric Cole, SANS Faculty Fellow

How We Help

The Veriato Approach to Insider Threat Detection

Our solution combines the most complete visibility into user activity with
the benefits of user behavior analysis. This translates into more chances to detect, and prevent, an insider attack.